Starting with Log Analytics: Part 8 - Sending data to Log Analytics from Azure Automation and Data Collector API

In this post I will show you how to send data to a Log Analytics workspace through an Azure Automation runbook.

Other articles

- Part 1: Creating our first Log Analytics workspace 

- Part 2: Importing your own datas into the workspace

- Part 3: Creating our first workbook

- Part 4: Add Intune datas into Log Analytics workspace

- Part 5: Running KQL queries in Log Analytics through PowerShell

- Part 6: Creating a lab by importing a CSV with fake data

- Part 7: Give your workbook a better look

- Part 8: Sending data to Log Analytics from Azure Automation (you are here) 

- Part 9: Sending data from Log Analytics to Power BI (next one)

Context

Here we want to collect data that are not available in Log Analytics like data from Endpoint Analytics or something else.

You can find here an example of dashboard I created to collect BSOD data provided by Endpoint Analytics in Intune.

The automation script gets data with MS Graph then send them to a Custom log in Log Analytics.

Required information

We want to send data to a Log Analytics workspace.

For our need, below information are required:

- Log Analytics workspace ID

- Primary key

- Name of the log to create or update

You can find both Workspace ID and primary key in the Agents management part.

We will provide all those info into variables in our script.

Now we will configure our Azure Automation account.

Creating the account

1. Go to Azure

2. Go to Automation accounts

3. Click on Create

4. Type a name

5. Choose a Subscription

6. Choose the Resource group

7. Choose your region

8. Click on Create

9. Wait a bit

10. Click on Go to resource

Set Managed Identity

The managed identity will be used to authenticate to your tenant, this way we don't need to provide credentials.

It allows you to avoid the credentials part.

When you configure the managed identity, a new Azure Enterprise application will be created.

This one will be used to authenticate to our tenant.

You can get more info about Managed identity there.

For that we will proceed as below:

1. Go to your automation account

2. Go to Identity (Preview)

3. Go to System assigned

4. Select On

5. Click on Save

6. Click on Yes

Adding permissions

Once the Managed Identity has been configured a new Enterprise application will be created.

Then you need to add permissions to be able to actions.

Depending of what you want to do, permissions may change.

Here we want to play with Intune devices we will need below permissions:

The required permissions is the following: 

- DeviceManagementConfiguration.Read.All 

- DeviceManagementManagedDevices.Read.All

To add this permission you will need to use PowerShell, it can't be done through the portal.

For that we will use the below script:

You just need to fill below variables:

- $TenantID: your tenant ID

- $DisplayNameOfMSI: name of your automation account

Adding module

Depending of what youwant to do, you may need a specific module.

Here below we will implement the pnp.powershell module for playing with SharePoint.

For that we will proceed as below:

1. Go to your automation account

2. Click on Modules gallery

3. Search: pnp.powershell

4. Click on pnp.powershell

5. Click on Import

6. Click on OK

Our runbook script

Log Analytics part

We will first provide log analytics workspace id, primary key and custom log to variables:

We will first use the two functions provided by Microsoft:

- Build-Signature

- Post-LogAnalyticsData

Authenticate with managed identity

Next step is to authenticate to our tenant using the managed identity.

For that we will use the below code:

Use a bit of MS Graph

Here we want to collect data about Intune devices.

For that we will use MS Graph using the below code:

Convert data to array

Now we will convert our data to an array:

Convert data to JSON

Then we will convert our data to a JSON:

Send data to Log Analytics

The last step is to send content to the Custom Log in Log Analytics:

Creating the Runbook

1. Click on + Create a runbook

2. Type a name

3. In Runbook type, select PowerShell

4. Click on Create

5 Click on Edit on the runbook

6. Copy script content

7. Click on Publish

8. Click on Yes

9. Go to your Runbook

10. Click on Schedules

11. Click on + Add a schedule

12. Click on Link a schedule to your runbook

13. Click on + Add a schedule

14. Type a name

15. In Recurrence, select Recuring

16. Select what you want

17. Click on Create